Nokogiri implementation of libxslt vulnerable to heap corruption · Issue #15 · swipely/reinvent-demo · GitHub
This repository was archived by the owner on Feb 14, 2024. It is now read-only.

Nokogiri implementation of libxslt vulnerable to heap corruption #15

Open
sniffler-app bot opened this issue Jul 7, 2023 · 0 comments

Comments

sniffler-app bot commented Jul 7, 2023

Description

Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.

Nokogiri prior to version 1.10.5 contains a vulnerable version of libxslt. Nokogiri version 1.10.5 upgrades the dependency to libxslt 1.1.34, which contains a patch for this issue.

Information

Manifest Path: Gemfile.lock

Please look at the Dependabot report: https://github.com/swipely/reinvent-demo/security/dependabot/38
